"ElmersGlue" virus removal guide
What is "ElmersGlue"?
ElmersGlue is a ransomware-type virus that stealthily infiltrates systems and encrypts files. In doing so, ElmersGlue appends the ".elmerlocked" extension to the name of each encrypted file. For example, "sample.jpg" is renamed to "sample.jpg.elmerlocked". Following successful encryption, ElmersGlue locks the computer screen and displays a ransom-demand message.
Note that ElmersGlue malware locks computer screens, whilst other ransomware-type viruses create .txt or HTML files containing ransom-demand messages. The ElmersGlue message informs victims of the encryption and states that a ransom of the equivalent of $64 in Bitcoins must be paid to restore compromised data. It is currently unknown whether ElmersGlue uses symmetric or asymmetric cryptography. In any case, decryption without a unique key is impossible. Cyber criminals store this key on a remote server and victims are encouraged to pay a ransom to receive it. Research shows, however, that paying does not guarantee that files will ever be decrypted. Cyber criminals often ignore victims once payments are submitted - there is a high probability that paying will not deliver any positive results and you might be scammed. Therefore, we strongly advise you to ignore all requests to pay or contact these people. Unfortunately, there are no tools capable of restoring files encrypted by ElmersGlue malware and the only solution is to restore your files/system from a backup.
Screenshot of a message encouraging users to pay a ransom to decrypt their compromised data:
The Internet is full of ransomware-type viruses similar to ElmersGlue; EncrypTile, GlobeImposter, and BeethoveN are just some examples from a long list. All ransomware encrypts files and makes ransom demands. There are just two major differences: 1) the type of encryption algorithm used; and 2) the cost of decryption. Most of these viruses use cryptography that generates unique decryption keys and, thus, restoring files manually is usually impossible.
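Since restoring from a backup is the only recovery path described above, it helps to know which encrypted files actually have a backup copy before starting. The following is an added example, not part of the original guide or of any vendor tool: a read-only inventory that assumes the backup mirrors the original folder layout; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Both spellings appear on this page; match either, case-insensitively.
LOCKED_SUFFIXES = (".elmerlocked", ".elmerslocked")

def original_name(name):
    """Return the pre-encryption file name, or None if the file is not locked."""
    for suffix in LOCKED_SUFFIXES:
        if name.lower().endswith(suffix) and len(name) > len(suffix):
            return name[: -len(suffix)]
    return None

def build_restore_plan(infected_root, backup_root):
    """Read-only walk: split locked files into (restorable, missing) lists."""
    infected_root, backup_root = Path(infected_root), Path(backup_root)
    restorable, missing = [], []
    for dirpath, _dirs, files in os.walk(infected_root):
        for name in files:
            orig = original_name(name)
            if orig is None:
                continue  # not renamed by this ransomware
            rel = (Path(dirpath) / orig).relative_to(infected_root)
            # Restorable only if the backup holds the same relative path.
            bucket = restorable if (backup_root / rel).is_file() else missing
            bucket.append(rel.as_posix())
    return sorted(restorable), sorted(missing)

def demo():
    """Constructed sample tree: two locked files, only one present in the backup."""
    with tempfile.TemporaryDirectory() as tmp:
        infected, backup = Path(tmp, "infected"), Path(tmp, "backup")
        (infected / "docs").mkdir(parents=True)
        backup.mkdir()
        (infected / "sample.jpg.elmerlocked").write_bytes(b"\x00")
        (infected / "docs" / "report.docx.ELMERSLOCKED").write_bytes(b"\x00")
        (infected / "docs" / "notes.txt").write_text("untouched")
        (backup / "sample.jpg").write_bytes(b"constructed backup copy")
        return build_restore_plan(infected, backup)

if __name__ == "__main__":
    restorable, missing = demo()
    print("restorable from backup:", restorable)
    print("no backup copy found:", missing)
```

The script only reads the two trees and never copies or deletes anything, so it can be run before the malware has been removed without overwriting evidence or clean backup copies.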
How did ransomware infect my computer?
How to protect yourself from ransomware infections?
To prevent this situation, be very cautious when browsing the Internet. Firstly, never open files received from suspicious email addresses or download software from unofficial sources. Secondly, keep your installed applications up-to-date and use a legitimate anti-virus/anti-spyware suite. The key to computer safety is caution.
Text presented within ElmersGlue ransomware lock screen:
Elmer’s Glue Locker v2.0
Your computer has been locked with some EXTREMELY sticky Elmer’s Glue
There is only one way to remove the Elmer’s Glue is to copy your unlock ID
Send $64 in bitcoins to this bitcoin address:
Once you have paid, send an email to firstname.lastname@example.org and give us your unlock ID. We will check you payment and then give you the code. When the 2 hour timer hits zero, your files will be encrypted.
Got your 5 digit code? Submit it here.
Screenshot of ElmersGlue previous lock screen design:
Screenshot of files encrypted by ElmersGlue (".elmerslocked" extension):
- What is "ElmersGlue"?
- STEP 1. "ElmersGlue" virus removal using safe mode with networking.
- STEP 2. "ElmersGlue" virus removal using System Restore.
"ElmersGlue" virus removal:
Windows XP and Windows 7 users: Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK. While your computer is starting, press the F8 key on your keyboard multiple times until you see the Windows Advanced Options menu, then select Safe Mode with Networking from the list.
Video showing how to start Windows 7 in "Safe Mode with Networking":
Windows 8 users: Go to the Windows 8 Start Screen, type Advanced, and select Settings in the search results. Click Advanced Startup options, and in the opened "General PC Settings" window select Advanced Startup. Click the "Restart now" button. Your computer will now restart into the "Advanced Startup options" menu. Click the "Troubleshoot" button, then click the "Advanced options" button. In the advanced options screen, click "Startup settings". Click the "Restart" button. Your PC will restart into the Startup Settings screen. Press "5" to boot in Safe Mode with Networking.
Video showing how to start Windows 8 in "Safe Mode with Networking":
Windows 10 users: Click the Windows logo and select the Power icon. In the opened menu, click "Restart" while holding the "Shift" key on your keyboard. In the "Choose an option" window, click "Troubleshoot", then select "Advanced options". In the advanced options menu, select "Startup Settings" and click the "Restart" button. In the following window, press the "F5" key on your keyboard. This will restart your operating system in Safe Mode with Networking.
Video showing how to start Windows 10 in "Safe Mode with Networking":
Log in to the account infected with the "ElmersGlue" virus. Start your Internet browser and download a legitimate anti-spyware program. Update the anti-spyware software and start a full system scan. Remove all entries detected.
If you cannot start your computer in Safe Mode with Networking, try performing a System Restore.
Video showing how to remove viruses using "Safe Mode with Command Prompt" and "System Restore":
1. While your computer is starting, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu appears, then select Safe Mode with Command Prompt from the list and press ENTER.
2. When Command Prompt Mode loads, enter the following line: cd restore and press ENTER.
3. Next, type this line: rstrui.exe and press ENTER.
4. In the opened window, click "Next".
5. Select one of the available Restore Points and click "Next" (this will restore your computer system to an earlier time and date, prior to the "ElmersGlue" virus infiltrating your PC).
6. In the opened window, click "Yes".
7. After restoring your computer to a previous date, download and scan your PC with recommended malware removal software to eliminate any remnants of the "ElmersGlue" virus.
If you cannot start your computer in Safe Mode with Networking (or with Command Prompt), boot your computer using a rescue disk. Some viruses disable Safe Mode, making their removal complicated. For this step, you require access to another computer. After removing the "ElmersGlue" virus from your PC, restart your computer and scan it with legitimate anti-spyware software to remove any possible remnants of this security infection.
Other tools known to remove this scam: